Every year cybersecurity incidents make national headlines and cause every business owner to reconsider their personal security measures and processes.
The recent Colonial Pipeline ransomware hack – which halted fuel distribution on the East Coast for a week – is a prime example of such an incident.
Will your weak security leave your clients waiting in line?
Colonial Pipeline Company is the operator of the largest pipeline system for refined oil products in the United States. All systems, and fuel distribution, resumed normal operation after the company paid a 75-bitcoin ransom to an Eastern Europe-based cybercriminal hacking group. The company paid the ransom to DarkSide, and it was worth $5 million at the time of the incident.
Fuel shortages continue to be a problem in many key markets served by the pipeline system. As many as 80 percent of gas stations in Washington, D.C. were without fuel as of Saturday morning.
Unable to fill their cars with gas, cybersecurity experts across the nation worry about the message the Colonial Pipeline hack is sending to other hacking groups.
Ransomware Attacks Are Common
If you don’t pay attention to cybersecurity-related news, then ransomware attacks may seem rare to you. Perhaps you assume that they only affect large enterprises and organizations. The reality is very different.
In 2020, there were a total of 304 million ransomware attacks worldwide. That amounted to a 62 percent increase from the year prior. From time to time, cybercriminals pull off a headline-worthy attack, but most ransomware attacks never receive any publicity.
The threat actor behind the Colonial Pipeline ransomware hack, the DarkSide hacking group, typically focuses on lower-end ransoms. They demand these victims pay between $80,000 and $100,000 to regain access to their data. They perform about 10 smaller hacks a month, earning them $12 million a year.
Hackers are motivated by money. Targeting smaller businesses and avoiding the attention of news reporters and three-letter agencies suits them well.
Paying the Ransom Is Not the Right Solution
According to IBM Security’s X-Force survey of executives at 600 businesses of all sizes, 70 percent of businesses infected with ransomware have paid the ransom to get their data back. The decision to pay the ransom comes down to simple math, as was the case with the Colonial Pipeline ransomware hack.
The DarkSide hacking group took down Colonial Pipeline’s billing system, leaving it unable to track fuel distribution and bill customers. The hackers also stole approximately 140 GB of accounting, research, and development data from the company’s servers. They then preloaded it online, ready to be published.
From the financial point of view, paying the ransom was an easy decision. Unfortunately, decisions like this send the wrong message. They embolden other groups going forward.
“I can’t say I’m surprised, but it’s certainly disappointing,” says Brett Callow, a threat analyst at antivirus company Emsisoft, about Colonial Pipeline’s decision to pay the ransom.
“Unfortunately, it’ll help keep United States critical infrastructure providers in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it.”
For the same reason, the FBI and other law enforcement groups discourage ransomware victims from paying the ransom. They recommend focusing on improving their defenses and recovery capabilities instead.
Prevent Weak Security from Leaving Your Clients Waiting in Line
As dangerous as they are, you can avoid ransomware attacks by following basic ransomware prevention best practices:
Multi-factor authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource (e.g., application, online account, VPN). You should use MFA wherever possible.
In many cases, it is included with your subscription (e.g., M365, Google). Be sure to enable it if it is not already enabled.
Cybersecurity Awareness Training with Simulated Phishing Attacks
Hacking groups rely on social engineering techniques to obtain credentials that allow them to evade established cybersecurity defenses with minimal effort. Employees should learn how to recognize them by completing cybersecurity awareness training.
Backup and Recovery
Ransomware attacks are effective because organizations can’t afford to lose their data. You can save yourself the loss by creating backups of important data and storing them offline in an encrypted format. That way, if you suffer an attack, you can wipe affected devices clean and recover everything you need to do your work.
Cybersecurity Response Plan
You should have a documented, written plan to guide your response to a ransomware attack. The plan should:
- Describe everyone’s roles and responsibilities
- Detail mandatory notification procedures
- Include other essential information
Ransomware leaves behind an easily recognizable signature on the network. There are many tools and solutions that can spot it early – giving you time to act.
Unpatched vulnerabilities are like secret unlocked doors that invite attackers to come in and wreak havoc. To close these doors, you need to update all hardware and software on your network as soon as possible.